PHP Remote File Inclusion Vulnerability in JD-Wiki Component for Joomla!
CVE-2006-4074
Currently unrated
Summary
A PHP remote file inclusion vulnerability exists in the JD-Wiki Component (com_jd-wiki) versions 1.0.2 and earlier for Joomla!, specifically in the lib/tpl/default/main.php file. This vulnerability arises when the register_globals setting is enabled, allowing remote attackers to inject arbitrary PHP code through a manipulated URL in the mosConfig_absolute_path parameter. This can lead to unauthorized execution of code on the server, posing significant security risks to affected Joomla! installations.
References
Timeline
Vulnerability published
Vulnerability Reserved